LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred. Found by a modified version of syzkaller. BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx Write of size 4 Call Trace: memcpy ath9k_wmi_ctrl_rx ath9k_htc_rx_msg ath9k_hif_usb_reg_in_cb __usb_hcd_giveback_urb usb_hcd_giveback_urb dummy_timer call_timer_fn run_timer_softirq __do_softirq irq_exit_rcu sysvec_apic_timer_interrupt

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2023-53717 is a Linux kernel flaw in the ath9k Wi-Fi driver path. After a command timeout, a later response callback can write to a stack buffer that may no longer be valid. The public record does not provide CVSS, confirmed exploitation, or a complete business-impact assessment.

Executive priority

Treat this as a targeted kernel maintenance item unless your fleet depends on ath9k Wi-Fi hardware. There is no source-backed evidence of active exploitation, but kernel memory corruption issues should be remediated through normal patch cycles once vendor fixes are available.

Technical view

The issue is a potential stack out-of-bounds write in ath9k_wmi_rsp_callback()/ath9k_wmi_ctrl_rx after ath9k_wmi_cmd() times out. The fix resets wmi->last_seq_id to 0 on timeout so a stale response is not copied into an expired stack-allocated cmd_rsp_buf.

Likely exposure

Exposure appears limited to Linux systems using the ath9k Wi-Fi driver path, especially ath9k HTC USB-related handling shown in the trace. The source bundle lists Linux kernel versions and stable commits, but does not provide distribution-specific affected package ranges.

Exploitation context

The issue was found by a modified syzkaller and includes a KASAN stack-out-of-bounds report. The bundle says KEV is false and provides no cited evidence of active exploitation, public exploit availability, or real-world compromise.

Researcher notes

The key condition is a timeout in ath9k_wmi_cmd() followed by response handling that writes through a stale stack buffer pointer. Source detail supports root-cause analysis, but not exploitability, attacker prerequisites, or reachable attack surface in deployed environments.

Mitigation direction

  • Update to a vendor kernel containing the cited stable fixes.
  • Check Linux distribution advisories for backported fixes.
  • Prioritize hosts using ath9k-supported Wi-Fi hardware.
  • If ath9k is unused, review vendor guidance on disabling the driver.
  • Track kernel package updates across embedded and appliance images.

Validation and detection

  • Inventory Linux systems with ath9k or ath9k_htc modules present.
  • Map running kernel versions to vendor fixed package versions.
  • Confirm relevant stable commit fixes are included or backported.
  • Review kernel logs for ath9k timeout or KASAN-related reports.
  • Validate remediation after reboot into the patched kernel.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53717 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
9Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxfb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08, fb9987d0f748c983bb795a86f47522313f701a08unaffected
LinuxLinux2.6.35, 0, 4.14.308, 4.19.276, 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.